7MS #354: Tales of Internal Pentest Pwnage - Part 2
7 Minute Security25 Mars 2019

7MS #354: Tales of Internal Pentest Pwnage - Part 2

Today's episode is the thrilling, exciting, heart-pounding conclusion of Tales of Internal Pentest Pwnage - Part 1. In this episode, we cover the final "wins" that got me to Domain Admin status (and beyond!):

  • Got DA but can't get to your final "crown jewels" destinations? How about going after the organization's backups (evil grin!)

  • Got DA but stuck to find hot leads to where the crown jewels are? Get snoopy and go through people's files, folders and...bookmark caches! (evil grin #2!)

  • If your nmap/eyewitness scan turns up Web sites with simply an IIS default landing page or "It works!" Apache page on it, there's probably more there than meets the eye.

We also talk about lessons learned from this pentest - both things done well and things the org can do to make the next pentester's job a lot harder.

Avsnitt(684)

7MS #52: OFFTOPIC – My Son is Really Loyal (audio)

7MS #52: OFFTOPIC – My Son is Really Loyal (audio)

It’s another off-topic episode today. This one’s about how my eight-year-old son is fiercely loyal, and wants to settle a 25-year-old score for me. 7MS #52: OFFTOPIC – My Son is Really Loyal (audio)

9 Apr 20158min

7MS #51: CEH vs. OSCP (audio)

7MS #51: CEH vs. OSCP (audio)

A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one might be right for you. Here’s the article on CEH I mention during the episode – it has much more…

7 Apr 20157min

7MS #50: OSCP – The Final Chapter – part 2! (audio)

7MS #50: OSCP – The Final Chapter – part 2! (audio)

At last, the epic conclusion of the maddening, redeeming OSCP journey. 7MS #50: OSCP – The Final Chapter – part 2! (audio)

2 Apr 20157min

7MS #49: OSCP – The Final Chapter – part 1! (audio)

7MS #49: OSCP – The Final Chapter – part 1! (audio)

We’ve arrived at the exciting two-part finale to my bloody battle with the OSCP! 7MS #49: OSCP – the final chapter – part 1! (audio)

31 Mars 20157min

7MS #48: So I Gave My Eight Year Old a Computer (audio)

7MS #48: So I Gave My Eight Year Old a Computer (audio)

Is it a good idea to give young kids a computer to play with? Maybe. Maybe not. Tune in to today’s episode and weigh in! 7MS #48: So I Gave My Eight Year Old a Computer (audio)

21 Mars 20158min

7MS #47: Logging and Alerting RELOADED (audio)

7MS #47: Logging and Alerting RELOADED (audio)

Hey, you should log the stuff going on in your network. This episode talks about that (again). And I reference some AD-related settings that may not be enabled in your environment…stuff you might want to turn on. Check out that information via this PDF here. 7MS #47: Logging and Alerting Reloaded (audio)

17 Mars 20157min

7MS #46: So You Want to be a Hacker? (audio)

7MS #46: So You Want to be a Hacker? (audio)

So you want to be a hacker? Cool. In this episode I toss myself under the bus and share why I used to have a really dumb perspective on what that meant, and how my view of hackers – and hacking – has changed (and hopefully matured). 7MS #46: So You Want to be a…

14 Mars 20157min

7MS #45: OFFTOPIC – Why I Stopped Pirating Software (audio)

7MS #45: OFFTOPIC – Why I Stopped Pirating Software (audio)

Warning, this is an off topic episode! I used to pirate software. There. I admitted it. But it’s funny how a letter from the Comcast legal dept. will change your mind and let you see piracy in a whole new light! 7MS #45: OFFTOPIC – Why I Stopped Pirating Software (audio)

10 Mars 20157min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
olyckan-inifran
rss-viva-fotboll
aftonbladet-daily
rss-vad-fan-hande
svenska-fall
rss-sanning-konsekvens
krimmagasinet
rss-expressen-dok
motiv
fordomspodden
svd-nyhetsartiklar
dagens-eko
rss-frandfors-horna
blenda-2
spar
spotlight